clean-code
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains a 'Verification Scripts' section that instructs the agent to execute multiple Python scripts using hardcoded absolute paths located in other skill directories (e.g., `python ~/.claude/skills/vulnerability-scanner/scripts/security_scan.py .`). This triggers command execution on files external to the skill's own package, whose source and integrity cannot be verified by this skill alone.
- [PROMPT_INJECTION]: The 'Script Output Handling' section requires the agent to capture and parse 'ALL output' from verification scripts to summarize it. This creates a surface for Indirect Prompt Injection (Category 8c), where malicious content in the scanned workspace could cause a script to output instructions that the agent then summarizes or follows.
- Ingestion points: Raw script output captured during the validation phase.
- Boundary markers: None; the instructions mandate capturing all output without using delimiters or sanitization instructions.
- Capability inventory: Multiple subprocess executions of Python scripts across various functional domains.
- Sanitization: No validation or filtering of the captured output is performed before the summary is generated.
Audit Metadata